Multi-Tenant Authorization Vulnerability Found in DoD Contractor System Exposes Military Training Data
By Strix
Summary
A security researcher discovered a critical multi-tenant authorization vulnerability in a Department of Defense contractor's system. The system enforced no tenant isolation at all: an authenticated user of one organization could reach data belonging to other organizations hosted on the same platform, which exposed sensitive military training data. The researcher disclosed the issue responsibly, and the disclosure timeline ran five months from the initial report until the issue was addressed.
Key quotes
The vulnerability allowed complete bypass of tenant isolation, meaning any user could access data belonging to other organizations within the same system.
Military training data, including potentially sensitive operational information, was exposed due to the lack of proper authorization controls.
The responsible disclosure process took five months from initial report to full remediation of the vulnerability.
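The failure described in the quotes above is the classic multi-tenant authorization bug: a lookup keyed on a record id alone, with nothing tying the record to the caller's organization. The Python below is an added illustration written for this page, not code from the contractor's system or from the disclosure; the tenant names, record ids and titles are constructed sample data. It shows the vulnerable lookup beside a hardened one that scopes every query to the tenant taken from the server-side session, and a small pentest-style check that enumerates ids to confirm whether cross-tenant reads are possible.

```python
"""Added illustration of a multi-tenant authorization failure and its fix.

Example code for this page only; the data below is constructed and does not
come from the contractor's system or the disclosure.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    user: str
    tenant: str  # from the authenticated server-side session, never from the request


@dataclass(frozen=True)
class Record:
    record_id: int
    tenant: str
    title: str


# Constructed sample data: two organizations sharing one database table.
RECORDS = {
    101: Record(101, "org-a", "Training schedule, Q1"),
    102: Record(102, "org-a", "Range safety brief"),
    201: Record(201, "org-b", "Training schedule, Q2"),
    202: Record(202, "org-b", "Exercise roster"),
}


class NotFound(Exception):
    pass


def get_record_vulnerable(session: Session, record_id: int) -> Record:
    """Looks a record up by id alone. Any authenticated user can read any
    tenant's row by guessing or enumerating ids: zero tenant isolation."""
    if record_id not in RECORDS:
        raise NotFound(record_id)
    return RECORDS[record_id]


def get_record_hardened(session: Session, record_id: int) -> Record:
    """Scopes every lookup to the caller's tenant. The tenant comes from the
    session, so a client cannot supply a different one. A row that belongs to
    another tenant is reported as not found rather than forbidden, so the
    response does not confirm that the id exists."""
    record = RECORDS.get(record_id)
    if record is None or record.tenant != session.tenant:
        raise NotFound(record_id)
    return record


def cross_tenant_leak(lookup, session: Session, candidate_ids) -> list[int]:
    """Pentest-style check: try every candidate id as this session and return
    the ids whose rows belong to a different tenant. An empty list means the
    lookup enforced isolation for these inputs."""
    leaked = []
    for rid in candidate_ids:
        try:
            rec = lookup(session, rid)
        except NotFound:
            continue
        if rec.tenant != session.tenant:
            leaked.append(rid)
    return leaked


if __name__ == "__main__":
    attacker = Session(user="alice", tenant="org-a")
    ids = range(100, 300)
    print("vulnerable leaks:", cross_tenant_leak(get_record_vulnerable, attacker, ids))
    print("hardened leaks:  ", cross_tenant_leak(get_record_hardened, attacker, ids))
```

The hardened version fixes the bug at the data-access layer rather than in each handler, which is where it belongs: once every query carries the session's tenant as a mandatory filter, a forgotten check in one endpoint cannot reopen the hole. The enumeration check is the same test a reviewer runs against a live system, with two accounts in different tenants and a range of ids.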